Last updated: May 9, 2026
SpellRack uses cookies, sessionStorage, and localStorage to keep you logged in, secure your sign-in flow, remember your UI preferences, and measure how the product is used. We do not use cookies for cross-site advertising. We do not sell your data.
auth_session — Lucia session cookie. Essential: required for login. HttpOnly, Secure, SameSite=Lax. Lifespan: rolling 30-day session.discord_oauth_state / discord_oauth_verifier — OAuth CSRF + PKCE values for the Discord sign-in flow. Essential: prevents OAuth replay attacks. Transient — set when you click "Sign in with Discord", cleared on completion or after ~10 minutes.spellrack_attribution — first-touch UTM parameters (source, medium, campaign) so we know which marketing channels work. No personal data. Lifespan: 30 days.feedback_fab_dismissed — sessionStorage entry that remembers you closed the floating feedback button this session. Cleared when you close the browser tab.ph_*): product analytics — page views, feature usage, error tracking. Self-hosted, first-party-style cookies. No cross-site tracking, no advertising integrations.__stripe_*): fraud prevention and payment processing. Set only on /upgrade and Stripe Checkout pages, not site-wide. Required by Stripe to protect your transaction.We do not embed Google Analytics, Facebook Pixel, ad-network tags, or any other third-party cookies beyond the two listed above.
If you're in the EU, UK, or any jurisdiction with similar data-protection law, you have the right to access, correct, port, or delete your personal data, and to withdraw consent for any non-essential cookies. Exercise those rights through our Privacy Policy → Your data rights or by emailing [email protected].
Most browsers let you block all cookies, block third-party cookies, or clear cookies on demand:
Heads up: the auth_sessioncookie is essential. Disabling it (or blocking SpellRack's cookies entirely) will prevent login. Stripe cookies are required to complete a checkout — block them and the upgrade flow won't work.
We'll update this page when we add, remove, or change a cookie. Material changes get an in-app banner. The "Last updated" date at the top reflects the most recent revision.